I'm an administrator of a Phabricator installation. How can I add some roles to configure permissions? Such as setting a new user group, enabling/disabling some buttons/functions, etc.
Phabricator doesn't really have roles. Instead, if you want to group your users, you would group them with a project. Then you would grant access to areas of the application to that project. When the employee is re-assigned, add them to the new project. If they get a promotion (i.e. developer to Sr. developer) they may have new privileges and responsibilities; add them to a 'project' that reflects what they should be allowed to do.
For a project on which I work, we would like an admin user to be added to the database automatically at the start of the first deployment, because for the moment it is done manually. If you have tips, please share them with me.
In a Symfony 5.0 application I need to integrate a filemanager that provides basic file handling for users.
Each user is only allowed to manage files in his specific user folder which (obviously) is not in the public folder but at some path like
../data/images/[user_id]/
The filemanager of my choice needs this one path as a parameter to do its magic.
How can I define access rules in Symfony to define this behaviour to grant access to a specific but dynamic path which depends on the currently logged in user?
You have to deal with that problem in your controller or in the file manager. You have to create a database schema which registers the access rights per user and per directory.
You can create a many-to-many or a many-to-one relation between the user and directory entities. This relation maps the directory to its owner.
If each user has a directory, you can create it directly when the user is created.
If the user can have no directory, you can create the directory only when he decides to create one.
If a user can have multiple directories (many-to-many relation), you have to create the directory each time a user decides to create one.
In order to deal with the access rights you have to create a second relation between user and directory. This relation maps the directory to the users who can access it.
I think this relation should be many-to-many because obviously in your case a user can access many directories and directories can be accessed by many users.
In order to know if a user can access a resource, the file manager will get the access rights from the database, then either provide the file or return an error.
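Added example (not part of the original answer, and not Symfony code): a minimal Python/SQLite sketch of the schema and check described in the answer above, with an owner relation and a many-to-many access relation, plus path confinement so that a request such as `1/../2/x` cannot leave a permitted directory. The table names, `DATA_ROOT`, and the sample users are assumptions made for illustration.

```python
import sqlite3
from pathlib import Path

# Assumed base directory; stands in for ../data/images/ from the question.
DATA_ROOT = Path("/srv/app/data/images")

SCHEMA = """
CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE directory (id INTEGER PRIMARY KEY,
                        owner_id INTEGER NOT NULL REFERENCES user(id),
                        path TEXT NOT NULL UNIQUE);       -- relation 1: owner
CREATE TABLE directory_access (user_id INTEGER REFERENCES user(id),
                               directory_id INTEGER REFERENCES directory(id),
                               PRIMARY KEY (user_id, directory_id));  -- relation 2
"""

def make_db():
    """Build an in-memory database with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.executemany("INSERT INTO directory VALUES (?, ?, ?)",
                   [(10, 1, "1"), (20, 2, "2")])
    db.execute("INSERT INTO directory_access VALUES (2, 10)")  # bob may use alice's dir
    return db

def allowed_roots(db, user_id):
    """Directories the user owns or has been granted access to."""
    rows = db.execute(
        "SELECT path FROM directory WHERE owner_id = ? "
        "UNION SELECT d.path FROM directory d "
        "JOIN directory_access a ON a.directory_id = d.id WHERE a.user_id = ?",
        (user_id, user_id))
    return [(DATA_ROOT / row[0]).resolve() for row in rows]

def resolve_for_user(db, user_id, requested):
    """Return the absolute path if the user may access it, else raise."""
    # resolve() collapses '..' and symlinks before the comparison; an absolute
    # 'requested' replaces DATA_ROOT entirely and therefore fails the check.
    target = (DATA_ROOT / requested).resolve()
    for root in allowed_roots(db, user_id):
        if target == root or root in target.parents:
            return target
    raise PermissionError(f"user {user_id} may not access {requested!r}")
```

The user id passed in must come from the authenticated session, never from the request itself; otherwise the database check is bypassed by simply asking as another user.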
We are using Plone 4.2.2 and we would like to delegate user account/group creation and managing local roles on content to our tier 1 helpdesk folks. We initially thought to use the Site Administrator role and just add the Site Setup Overview and Site Setup Users and Groups permissions. This allows them to create users and groups, but they don't have access to the sharing tab to manage local roles on folder and file objects.
I'm not finding much help out there and this seems like it would be a fairly common delegation. In fact, I'm surprised there isn't a role specifically for this. Giving Manager role to our tier 1 is a little scary.
Any suggestions would be greatly appreciated.
I found this thread that referenced Managing Users, but not the local roles on content
How to create a Plone 4 group who's sole purpose is to manage users?
The access to the sharing tab is only about permission.
You must give your users the "Sharing page: Delegate roles" permission and all needed permissions named "Sharing page: Delegate XXX role".
But to be honest I think that the Site Administrator role already has all the powers you need.
What I would do is that instead of using the normal Plone user manager I'd:
- write a custom, simplified user management form in a Python add-on
- have the form do sanity checks by allowing creation only of certain kinds of users with certain roles
- have the form also delegate setting local roles on folders programmatically (no need to go to the Sharing tab)
- expose this form through a special new permission
- give the permission for the form to Tier 1 support personnel
As the use case is very specialized it might be easier to write your own manager form than customizing existing Plone logic.
I have created a user TridReadWrit (not an admin user) in Tridion and assigned it to the group Developer.
The user has Read/Write permission on Tridion Building Blocks.
The permissions below are enabled for the user. Permissions are set at 'Test Publication' > Property > Security Tab > Developer Group:
Publication Management
Folder Management
Structure Group Management
Schema Management
Component Management
Component Template Management
Page Management
Page Template Management
Publish To Content Distributor
Workflow Management
Category Management
Template Building Block Management
Virtual Folder Management
Also, on a second try I set all permissions except the following ('Test Publication' > Property > Security Tab > Developer Group):
Publication Management
Permission Management
In both situations the user TridReadWrit is not able to delete a Page Template (created by the same user).
You have to provide delete permission to the user or group. Go to the building blocks folder containing the PT and choose Properties in the context menu.
In the security tab assign the Delete permission to user or group.
Hope it helps.
I'd like to create a Unique Web Site Administration Tool (UWSAT) to admin all users for all my websites on the production server.
Basically the idea is to have the UWSAT with only an admin user; when the admin logs in to the tool he could navigate the applications, select one and see its users. He could add a new user to an existing application, or create a user specifying a new application name (as far as I know that creates the application too).
The problem I'm facing is that to add a user to an application I have to set the Membership.ApplicationName, but I read this should be avoided.
So I ask you: should I create a different MembershipProvider for each application and call it when I have to manage users for that application?
Thanks.
I recommend creating a role, and assigning it to the users. The role would be the application they should have access to.
The RoleProvider is one way to do this.